Showing
1 changed file
with
44 additions
and
1 deletions
| @@ -24,6 +24,8 @@ import javax.crypto.spec.SecretKeySpec; | @@ -24,6 +24,8 @@ import javax.crypto.spec.SecretKeySpec; | ||
| 24 | import javax.servlet.http.HttpServletRequest; | 24 | import javax.servlet.http.HttpServletRequest; |
| 25 | import javax.servlet.http.HttpServletResponse; | 25 | import javax.servlet.http.HttpServletResponse; |
| 26 | import java.lang.reflect.Method; | 26 | import java.lang.reflect.Method; |
| 27 | +import java.net.InetAddress; | ||
| 28 | +import java.net.UnknownHostException; | ||
| 27 | import java.util.*; | 29 | import java.util.*; |
| 28 | 30 | ||
| 29 | public class SignatureVerifyInterceptor implements HandlerInterceptor, ApplicationEventPublisherAware { | 31 | public class SignatureVerifyInterceptor implements HandlerInterceptor, ApplicationEventPublisherAware { |
| @@ -160,7 +162,11 @@ public class SignatureVerifyInterceptor implements HandlerInterceptor, Applicati | @@ -160,7 +162,11 @@ public class SignatureVerifyInterceptor implements HandlerInterceptor, Applicati | ||
| 160 | * @return | 162 | * @return |
| 161 | */ | 163 | */ |
| 162 | private boolean validateReqParams(HttpServletRequest request, Map<String, String> params){ | 164 | private boolean validateReqParams(HttpServletRequest request, Map<String, String> params){ |
| 163 | - | 165 | + //内网访问的pc/h5不作校验 |
| 166 | + String clientType = params.get("client_type"); | ||
| 167 | + if(("web".equals(clientType) || "h5".equals(clientType) || "wechat".equals(clientType)) && isInnerIp(request)){ | ||
| 168 | + return true; | ||
| 169 | + } | ||
| 164 | //是否校验全部接口,开关-true:校验全部接口(除含@IgnoreSignature注解接口) 开关-false:只校验核心接口 | 170 | //是否校验全部接口,开关-true:校验全部接口(除含@IgnoreSignature注解接口) 开关-false:只校验核心接口 |
| 165 | boolean isVerifyAllMethod = configReader.getBoolean("gateway.signature.isVerifyAllMethod", false); | 171 | boolean isVerifyAllMethod = configReader.getBoolean("gateway.signature.isVerifyAllMethod", false); |
| 166 | if(!isVerifyAllMethod){ | 172 | if(!isVerifyAllMethod){ |
| @@ -176,6 +182,43 @@ public class SignatureVerifyInterceptor implements HandlerInterceptor, Applicati | @@ -176,6 +182,43 @@ public class SignatureVerifyInterceptor implements HandlerInterceptor, Applicati | ||
| 176 | return false; | 182 | return false; |
| 177 | } | 183 | } |
| 178 | 184 | ||
| 185 | + /** | ||
| 186 | + * 是否内网ip | ||
| 187 | + * @param request | ||
| 188 | + * @return | ||
| 189 | + */ | ||
| 190 | + public boolean isInnerIp(HttpServletRequest request){ | ||
| 191 | + String ip = getRemoteIP( request ); | ||
| 192 | + String[] ipArr = ip.split( "," ); | ||
| 193 | + InetAddress inetAddress = null; | ||
| 194 | + try { | ||
| 195 | + inetAddress = InetAddress.getByName( ipArr[ ipArr.length - 1 ].trim() ); | ||
| 196 | + } catch (UnknownHostException e) { | ||
| 197 | + logger.warn("isInnerIp error is {}", e); | ||
| 198 | + } | ||
| 199 | + if ( inetAddress.isSiteLocalAddress() ) { | ||
| 200 | + // 是内网IP | ||
| 201 | + return true; | ||
| 202 | + } else { | ||
| 203 | + // 不是内网接口 | ||
| 204 | + logger.info( "handler inner api interceptor, {} can not run inner api.", ip ); | ||
| 205 | + return false; | ||
| 206 | + } | ||
| 207 | + } | ||
| 208 | + | ||
| 209 | + /** | ||
| 210 | + * 获取用户IP | ||
| 211 | + * | ||
| 212 | + * @param httpServletRequest 1) x-forwarded-for 2).getRemoteAddr() | ||
| 213 | + * @return 用户IP | ||
| 214 | + */ | ||
| 215 | + private String getRemoteIP(final HttpServletRequest httpServletRequest) { | ||
| 216 | + String ip = httpServletRequest.getHeader("X-Forwarded-For"); | ||
| 217 | + if (StringUtils.isEmpty(ip)) { | ||
| 218 | + ip = httpServletRequest.getRemoteAddr(); | ||
| 219 | + } | ||
| 220 | + return ip; | ||
| 221 | + } | ||
| 179 | 222 | ||
| 180 | /** | 223 | /** |
| 181 | * 获取请求信息: requestParam | 224 | * 获取请求信息: requestParam |
-
Please register or login to post a comment